package com.travelsky.app.tag;

import java.util.Map;
import java.util.Set;

import javax.servlet.ServletContext;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;

import org.apache.commons.lang.StringUtils;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.util.ExpressionEvaluationUtils;

import com.travelsky.app.persistence.Role;
import com.travelsky.app.persistence.User;
import com.travelsky.app.security.EhCacheBasedResourceCache;
import com.travelsky.app.security.support.SecurityUserHolder;

/**
 * 
 * 项目名称：travelsky   
 * 类名称：AuthorizeTag   
 * 类描述：权限标签   
 * 创建人：gchzhou gczhou@travelsky.com 
 * 创建时间：2011-5-19 下午02:22:25   
 * 修改人： gchzhou gczhou@travelsky.com
 * 修改时间：2011-5-19 下午02:22:25   
 * 修改备注：   
 * @version 1.0
 */
public class AuthorizeTag extends TagSupport {

	private static final long serialVersionUID = 2316711020091254646L;
	private String res = "";

	public int doStartTag() throws JspException {
	    //获取当前用户
		User cunrrentUser=SecurityUserHolder.getCurrentUser();
		if (cunrrentUser==null){
			return Tag.SKIP_BODY;
		}
		//获取资源缓存
		ServletContext servletContext = pageContext.getServletContext();
		WebApplicationContext webAppCtx = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
		EhCacheBasedResourceCache ehCacheBasedResourceCache = (EhCacheBasedResourceCache) webAppCtx.getBean("ehCacheBasedResourceCache");

		final String resourceValue = ExpressionEvaluationUtils.evaluateString("res", res, pageContext);
		Map<String, String> urlAuthorities = ehCacheBasedResourceCache.getUrlAuthoritiesFromCache();///helloWorld.action=ROLE_INDEX,ROLE_SUPER,ROLE_HELLO, /index.action=ROLE_INDEX,ROLE_SUPER
		String authRoleString = urlAuthorities.get(resourceValue);//ROLE_INDEX,ROLE_SUPER,ROLE_HELLO
		if (StringUtils.isBlank(authRoleString)) {
			return Tag.EVAL_BODY_INCLUDE;//该资源没有被任何角色所拥护，那么认为任何人都能访问此资源
		}
		Set<Role> currentUserRoles = cunrrentUser.getRoles();
		for (Role eachRole : currentUserRoles) {
			if (authRoleString.indexOf(eachRole.getName()) != -1) {
				return Tag.EVAL_BODY_INCLUDE;
			}
		}
		/*final String resourceValue = ExpressionEvaluationUtils.evaluateString("res", res, pageContext);
		Map<String, List<Resource>> roleResources = SecurityUserHolder.getCurrentUser().getRoleResources();
		Iterator<Entry<String, List<Resource>>> iter = roleResources.entrySet().iterator();
		while (iter.hasNext()) {
			Map.Entry<String, List<Resource>> entry = (Map.Entry<String, List<Resource>>) iter.next();
			List<Resource> resources = (List<Resource>) entry.getValue();
			for (Resource resource : resources) {
				if (resource.getValue().equals(resourceValue)) {
					return Tag.EVAL_BODY_INCLUDE;
				}
			}
		}*/
		return Tag.SKIP_BODY;
	}

	public String getRes() {
		return res;
	}

	public void setRes(String res) {
		this.res = res;
	}

}
